
Method And Architecture For A Scalable Application And Security Switch Using Multi-level Load Balancing - Patent 7672236


The present invention relates generally to communication networks, and more particularly to a method and architecture for a scalable application and security switch within a network environment.

BACKGROUND

Deep packet inspection (DPI) provides an inspection and filtering function applied to received data packets for providing security, load balancing and application optimization. DPI examines the header and data portion of a packet (usually Layer 4 through Layer 7) searching for specific or illegal statements or data to determine whether the data packet should be forwarded and/or the policies to be applied (e.g., allow/deny, load balance, encrypt, etc.). The application or functionality of DPI may also be applied to identify flows instead of packet by packet analysis.

Prior art DPI switches included multiple data processing cores with attached local memory in a distributed environment with a shared backplane and used a load-balancing algorithm for distributing incoming traffic flows. Load-balancing was performed in software by the processing data core(s). This consumed significant and valuable processing power, added latency, and increased connection bandwidth due to an added hop between processing cores. In addition, this architecture was not readily scalable.

One possible solution to provide scalability is to have a global flow manager which assigns every flow to one data plane CPU--based on some criteria such as the current load on the data plane CPUs. When a data plane CPU receives a packet which does not have an associated session, the packet is directed to the global flow manager. The global flow manager becomes the central clearing house for managing flows and performs load-balancing and offloading of sessions on demand. The problem with this architecture is that the global flow manager may become a bottleneck and multiple packet exchanges between the global flow manager and the data plane CPUs increases backplane traffic.

Another possible solution is to proce
